DPM 2.0 and the EBA’s 4.2 Reporting Framework: Key Changes and Strategic Implications for EU Banks

The European Banking Authority (EBA) has released the final technical package for version 4.2 of its supervisory reporting framework, marking a decisive step in the transition to the Data Point Model (DPM) 2.0 and in the modernization of regulatory reporting across the European Union.

In this article, we break down what this transition means in practice, explaining the key structural changes introduced by the 4.2 framework and outlining their operational and strategic implications for banks and payment service providers.

  Audio Article

Applicable from December 2025, the framework consolidates updated validation rules, DPM structures, and XBRL taxonomies covering a broad range of reporting obligations. Beyond its formal scope, the move to DPM 2.0 represents a structural shift in how regulatory data is produced, governed, and used. Reporting is no longer centered on static templates, but on a shared, structured data model designed to support automation, traceability, and comparability across institutions and jurisdictions. This change has important implications for banks, payment service providers (PSPs), and supervisors alike.

Completion of the Transition to DPM 2.0

Over the last ten years, the volume of regulatory data points required across EU supervisory reporting has expanded substantially, growing from roughly 40,000 data points in the mid-2010s to more than 100,000 today. This expansion illustrates why traditional, template-based reporting approaches have become increasingly difficult to sustain.

Version 4.2 completes the transition to DPM 2.0 (Data Point Model 2.0) across the supervisory reporting framework.

The Data Point Model defines how regulatory data is described, organized, and exchanged. Earlier releases operated with both DPM 1.0 and 2.0 in parallel; with version 4.2, the reporting architecture is now fully based on DPM 2.0 and its enhanced semantic glossary.

Another important aspect of DPM 2.0 is the way it handles change over time. The model introduces a more complete and systematic approach to historization through explicit versioning of reporting concepts, templates, and definitions. This makes it possible to track how regulatory requirements evolve, ensuring consistency and traceability across reporting periods even as rules and structures are updated.

More broadly, this transition introduces a more consistent and extensible way of defining reporting concepts, templates and validation logic. Instead of identifying information primarily through fixed positions in reporting templates, the framework relies on clearly defined data points supported by structured metadata and versioning mechanisms. This allows reporting requirements to evolve more flexibly while maintaining consistency across reports and over time.

This is not merely a technical upgrade. It establishes a new baseline for regulatory reporting built around semantic clarity, data consistency, and machine-readability, enabling both institutions and supervisors to work with regulatory data in a more systematic, transparent, and scalable way.

From Template-Based Reporting to a Data-Centric Model

One of the most significant shifts introduced by DPM 2.0 is the move away from template-driven reporting towards a fully data-centric approach.

Under the previous model, reporting processes were largely organized around:

• Excel templates or other static formats,
• Business rules and controls maintained manually in spreadsheets,
• Heterogeneous structures that differed significantly from one report to another.

With DPM 2.0, this logic is reversed. The core of the reporting process becomes a structured data model, where:

• Mappings and business rules are defined in database tables rather than embedded in spreadsheets,
• Validation rules are formalized and machine-readable,
• Each reported value is explicitly linked to its underlying definitions, rules and mappings,
• Controls that were previously managed manually can be automated and embedded into systems.

One of the practical changes behind this shift is that reporting elements are no longer tied to specific cells or positions in individual templates. Under DPM 2.0, these elements are identified in a more consistent way across reports. In technical terms, this means moving away from template-specific identifiers such as DatapointID and DatapointVID, and towards variable-based identifiers that allow the same information to be reused more easily across different reporting requirements.

For institutions, this opens the door to a more industrialized reporting process, with improved traceability and reduced reliance on manual interventions. For supervisory authorities, it allows data to be ingested, validated, and analyzed more efficiently, using consistent structures and automated validation mechanisms.

More broadly, this redesign makes it possible to apply modern data analytics and scalable technologies to supervisory datasets that were previously difficult to exploit due to fragmentation and lack of standardization.

New and Amended Reporting Areas

Alongside the horizontal transformation of the data model, the 4.2 framework also introduces substantive updates across several reporting domains. It includes:

• Instant Payments reporting, introducing harmonized templates under the SEPA Regulation to collect information on charges and rejected transactions from PSPs;
• Resolution planning (RESOL), with a comprehensive revision of the reporting requirements to strengthen data collection for resolution authorities;
• Operational risk reporting (COREP OF), aligned with CRR3/CRD6 and focused on own funds requirements;
• MREL decision reporting, updating how information on minimum requirements for own funds and eligible liabilities is collected;
• Supervisory benchmarking for market risk, with a narrower scope focused on institutions using the Alternative Standardized Approach.

Taken together, these changes not only standardize how data is reported but also deepen the prudential content and analytical value of the information collected.

Key Operational Implications for Banks and PSPs

From an implementation perspective, the new framework presents institutions with a strategic choice in how they adapt.

One possible approach is a minimal adaptation, where the focus is on meeting the new submission requirements with limited internal change. In this case, existing systems remain largely unchanged, and a conversion layer is added to generate DPM-compliant CSV or XBRL outputs. While this approach addresses the immediate regulatory obligation, it preserves much of the existing complexity of legacy reporting processes.

A more structural approach involves partial or full integration of DPM 2.0 into internal data architectures. This means aligning internal taxonomies, governance frameworks and business rules with the DPM model, and embedding validation logic earlier in the reporting chain. Although this requires greater initial effort and coordination across risk, finance, IT and reporting functions, it creates a foundation for reuse, automation and long-term efficiency.

In practice, many institutions are expected to operate both models in parallel for a period of time, comparing outputs under the previous and new frameworks to reconcile differences and refine controls. In the short term, the primary risk lies not in operational disruption but in timing pressures and the ability to meet regulatory deadlines, particularly for smaller institutions with limited resources.

For RegTech providers, the framework also creates opportunities to embed DPM 2.0 natively into reporting platforms, reducing the need for institutions to build bespoke “last-mile” transformation solutions.

Data Quality, Supervision, and Comparability

A central objective of the 4.2 framework is to support more granular, integrated, and consistent supervisory reporting across the EU. By relying on a common data model, supervisory authorities can:

1. Ingest data from multiple institutions into a single, coherent database,
2. Perform cross-entity comparisons and benchmarking more efficiently,
3. Identify outliers and emerging risks with greater precision,
4. Enhance supervisory analysis across domains such as operational risk, resolution, and liquidity.

For institutions, the benefits are primarily related to traceability and internal control. Individual reported figures can be linked back to their underlying logic, automated controls can progressively replace manual checks, and supervisory tools and dashboards may offer clearer insight into how reported data is interpreted and used.

While the transition is more demanding for smaller banks and Fintechs, the longer-term effect is a more transparent, standardized and data-driven reporting environment that reduces duplication of effort and improves overall data quality.

DPM 2.0 Implementation Challenges and Timelines

The 4.2 framework applies from the fourth quarter of 2025, with the technical package becoming effective in December 2025 and completing the transition to DPM 2.0 and the enhanced glossary.

From an implementation standpoint, the main challenge is time, not technological capability. Large institutions have often been working with draft versions of the new model for some time, while smaller institutions face tighter constraints in terms of resources and competing regulatory priorities. As a result, full alignment with the new data points and file formats may not be immediate across the entire sector.

Clear communication of timelines, realistic transition periods, and effective validation feedback mechanisms will therefore be critical to ensuring a coherent and consistent implementation across the EU.

A Structural Shift Toward Data-Driven Supervisory Reporting

The finalization of the 4.2 reporting framework and the completion of the transition to DPM 2.0 represent a structural change in EU supervisory reporting. What began as a technical initiative has evolved into a redefinition of how regulatory data is modelled, validated, and analyzed.

For supervisors, the framework promises higher-quality data, stronger comparability, and more powerful analytical capabilities. For banks and PSPs, it presents both a compliance challenge and a strategic opportunity. Institutions that treat DPM 2.0 solely as a new output format may meet regulatory requirements, but those that integrate it more deeply into their data architecture are likely to gain lasting advantages in efficiency, transparency and risk management.

While the transition requires significant effort in the short term, particularly for smaller institutions, the overall direction is clearly positive. By moving regulatory reporting onto a modern, data-driven foundation, the framework lays the groundwork for more resilient supervision and a more sustainable reporting ecosystem across the European financial system.

Stay Ahead of Regulatory Change

EU supervisory reporting is evolving fast, and DPM 2.0 is only one piece of a much broader transformation.

Subscribe to our newsletter to receive expert analysis on regulatory reporting, data governance, and risk management—explained clearly, without noise, and always with practical implications for banks and PSPs.